Rollout SSH Keys


Rollout can manage SSH keys for users to connect to client systems without using a shared password.

All SSH keys are pulled from a file on the rollout server called conf/authorized_keys. This file is in the same format as a user's ~/.ssh/authorized_keys file: the key type, the key data and the key name, separated by spaces. Each key takes a single line:

ssh-dss AAAAB3NzaC1kc3MAAACBAKGs5gPjUmNEllmb0.....Lyx67vCJFRzNVtZ99sSWNK7nZ233GKf2ab2HbPbcEGfHuUJsZgl24fXsO1PCgE58w== dparrish
ssh-dss AAAAB3NzaC1kc3MAAACBAM79ajfz6+579TFYa.....tJFA9l+VAS/4z0ISpuRF99YehsJnaxiR/RTUw69yWFWRqlBvNGEbF6eyXAmL9Ka55g= otheruser

This file will be automatically downloaded by rollout when required, and the keys will be installed based on the user/username/sshkeys and sshkeys_add configuration items:

class Sample => {
  user => {
    dparrish => {
      ssh_keys => [ "dparrish" ],
    },
  },
  ssh_keys_add => [ "dparrish", "otheruser" ],
};

In this example, the dparrish key will be added to the dparrish user, and both the dparrish and otheruser keys will be added to the root user.

Using this set of options, you can centrally manage SSH keys so that shared passwords are not required.
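
Because keys are selected by name in the configuration, conf/authorized_keys is worth checking before it is distributed. The following check is an added example, not part of Rollout; it assumes each line is exactly "type data name" with no options prefix, and the function names and sample lines are constructed for illustration.

```python
import base64
import struct
from collections import Counter
WEAK_TYPES = {"ssh-dss"}  # DSA, disabled by default since OpenSSH 7.0

def blob_type(b64):
    """Return the key type embedded in the base64 blob, or None if malformed."""
    try:
        raw = base64.b64decode(b64, validate=True)
        (n,) = struct.unpack(">I", raw[:4])
    except (ValueError, struct.error):
        return None
    if n == 0 or 4 + n > len(raw):
        return None
    return raw[4:4 + n].decode("ascii", errors="replace")

def lint_keys(text):
    """Check 'type data name' lines; return (names, problems)."""
    names, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        if len(parts) != 3:
            problems.append((lineno, "expected 'type data name'"))
            continue
        ktype, data, name = parts
        names.append(name)
        if blob_type(data) != ktype:
            problems.append((lineno, "key data does not match declared type"))
        if ktype in WEAK_TYPES:
            problems.append((lineno, f"weak key type {ktype}"))
    # Keys are selected by name, so a reused name is reported (line 0 = whole file).
    for name, count in Counter(names).items():
        if count > 1:
            problems.append((0, f"key name '{name}' used {count} times"))
    return names, problems

def make_sample(ktype, name, declared=None):
    # Constructed line: length-prefixed type string plus filler bytes, not a real key.
    blob = struct.pack(">I", len(ktype)) + ktype.encode() + b"\x00" * 32
    return f"{declared or ktype} {base64.b64encode(blob).decode()} {name}"

SAMPLE = "\n".join([
    make_sample("ssh-ed25519", "dparrish"),
    make_sample("ssh-dss", "otheruser"),
    make_sample("ssh-rsa", "dparrish", declared="ssh-ed25519"),  # type mismatch, reused name
    "ssh-ed25519 not-base64!",                                   # missing name field
])
```

Calling lint_keys on the file's contents returns the key names found and a list of (line number, message) problems; an empty problem list means every line parsed cleanly.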